
Windows XP won't load past black screen of doom



#1 Idol


Posted 21 September 2010 - 01:39 PM

I'm running windows XP, and cannot get it to load past the black screen with the windows logo and the blue progress bar..the screen that you see (usually for just a few seconds) right before your desktop pops up. I've run malwarebytes and hijackthis, logs below, and spybot. No spybot log, but it did find some things that it said were successfully removed after the scan.

The only thing I can get my computer to do, at this point, is open up in safe mode...windows will load there, but not during a normal start-up. Any help would be greatly appreciated.


Hijackthis Log:

Scan saved at 10:36:12, on 2010-09-21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows DefenderMsMpEng.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSExplorer.EXE
C:Documents and SettingsOwnerDesktopHijackThis.exe

R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:PROGRA~1SPYBOT~1SDHelper.dll
O4 - HKLM..Run: [SunKistEM] "C:Program FilesDigital Media Readershwiconem.exe"
O4 - HKLM..Run: [NVMixerTray] "C:Program FilesNVIDIA CorporationNvMixerNVMixerTray.exe"
O4 - HKLM..Run: [NvMediaCenter] "RUNDLL32.EXE" C:WINDOWSsystem32NvMcTray.dll,NvTaskbarInit
O4 - HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 - HKLM..Run: [Windows Defender] "C:Program FilesWindows DefenderMSASCui.exe" -hide
O4 - HKLM..Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM..Run: [F5D7050v3] C:Program FilesBelkinF5D7050v3Belkinwcui.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [Malwarebytes Anti-Malware (reboot)] "C:Program FilesMalwarebytes' Anti-Malwarembam.exe" /runcleanupscript
O4 - HKCU..Run: [SpybotSD TeaTimer] "C:Program FilesSpybot - Search & DestroyTeaTimer.exe"
O4 - HKCU..Run: [Pando] C:Program FilesPando NetworksPandoPando.exe /Minimized
O4 - HKCU..RunOnce: [FlashPlayerUpdate] C:WINDOWSsystem32MacromedFlashFlashUtil10c.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:Program FilesAdobeAcrobat 7.0Readerreader_sl.exe
O8 - Extra context menu item: &ieSpell Options - res://C:Program FilesieSpelliespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:Program FilesieSpelliespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:Program FilesieSpellMerriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:Program FilesieSpellwikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSsystem32shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:WINDOWSsystem32shdocvw.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:Program FilesieSpelliespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:Program FilesieSpelliespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:Program FilesieSpelliespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:Program FilesieSpelliespell.dll
O9 - Extra button: (no name) - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {dfb852a3-47f8-48c4-a200-58cab36fd2a2} - C:PROGRA~1SPYBOT~1SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%Network Diagnosticxpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program FilesMessengermsmsgs.exe
O10 - Unknown file in Winsock LSP: c:program filesbonjourmdnsnsp.dll
O11 - Options group: [international] International
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:Program FilesCommon FilesAdobe Systems SharedServiceAdobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:WINDOWSsystem32driversKodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:WINDOWSsystem32nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:WINDOWSsystem32HPZipm12.exe



Malwarebytes Log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

2010-09-21 07:59:30
mbam-log-2010-09-21 (07-59-30).txt

Scan type: Full scan (C:|)
Objects scanned: 259133
Time elapsed: 1 hour(s), 43 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:QooboxQuarantineCWINDOWSsystem32logon.exe.vir (Worm.Emold) -> Quarantined and deleted successfully.


NOTE: this is my second attempt at submitting this post. The first time, my post just poofed into the great abyss because of my version of hijack this.

I will try to get the newer version on a flashdrive and see if I can get it to install on my own computer (this is a borrowed one I'm on now). If I can get a newer version installed, I'll run it and post the newer log. Wish me luck on that!


ETA: I forgot to say that I also ran Windows Defender, but it came up with nothing...said my system was fine and dandy....it lies!!!!!

Okay, I followed the link provided by...Grinwald? someone like that..whoever sent the pop-up message saying my hijackthis was an old version and that I needed to update. Anyway, i followed the link, put the newest hijackthis version on a flashdrive, and tried to install it on my computer. I got an error message that says:

"The system administrator has set policies to prevent this installation"


Well, I just don't know what that means, to be honest. I'm the only owner/administrator on that computer, and don't have the foggiest idea of where to go to undo whatever policies were set...?? I tried to install as both owner and administrator...same error message on both user ID's.

Any idea on how to allow the installation of the newest hijackthis would be appreciated as well...unless the log from the older version is good enough. Thanks again.


ETA: Just putting an FYI on here...I just ran malwarebytes again, and the full scan came back clean, saying there were no malicious files found...didn't think a log of 'all clear' was necessary, but just as an fyi, I ran it, it's clean, but i still can't get past the black windows loading screen. I am still unable to get the newer version of hijackthis to install. Hope the log I provided is enough. Thanks again for any/all help.


Another ETA: I found where my first run of Spybot had removed some stuff, and here is what it removed:

Fraud.VirusREmove2009 (two HKEY_Local_Machine things..I'm sorry, but I can't figure out how to get this area of spybot to copy, so I can't save it to paste in this thread).

Fraud.Sysguard (five HKEY_Local_Machine things...see above for apology!)


I just finished another run of spybot, and according to them, my system is coming up clean, nothing found...liars! lol

Last ETA, I promise: Last night, I ran one of these virus scans (spybot, malwarebytes, or hijackthis), and one of them found "monmvr32.exe" and said it needed to be removed.

I looked everywhere, but cannot find which program located this file, removed it, etc...but I know it was done last night, because I googled the file name to see what it was (no help on google for it...must be new??). I do not know if this is the name of the actual virus I have or not. But whatever is eating up my system, it's a dirty rotten evil stinking bleeping bleeper!!! (no, I didn't cuss...I typed bleep on purpose..lol) trying to maintain a sense of humor here...I'm almost in tears about this whole thing.

GUESS WHAT!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! I GOT A SCREEN!!!!!!

Okay, breathe, Idol, BREATHE!!!! ::huff puff, huff puff::

Okay....I did all the crap I told you about (it's all posted up yonder ^^^^^^). Almost in tears, I rebooted for about the 200th time, no exaggeration, and just said BLEEP it, cause I didn't have it in me to watch that black screen freeze up again. I walked away for about an hour, and I walked back in here, and I HAVE DESKTOP!!!!!!!!!!!!

I'm scared BLEEPless to do anything...I see a suspicious bubble on the task bar saying "your computer might be at risk, antivirus software might not be installed, click this balloon to fix this problem"....well, I learned the hard way about 2 years ago NOT to click those balloons!

OOh, I'm so torn! Should I be giddy as a schoolgirl that I have desktop? (i vote "yes") or scared bleepless to click anything in case whatever it was/is that botched me up to begin with is still lurking?

Oh, screw it..I'M HAPPY!!! But I'm going to run a bunch of stuff (scans) to see what I can find. I'll update this post when I'm done...cross your fingers!!

(and p.s....I'm really not cussing...I'm typing out the bleeps cause it cracks me up! )

**special thanks to Pandy for being such a doll !!

Good news is: I'm able to get online, no problems are obvious, the mystery balloon about 'you aren't protected' or whatever was legit (windows security alert), and I ran my spybot and malwarebytes again, and all I've got is one hit for a tracking cookie...are those even a big deal? I thought all cookies were trackers...or at least the chocolate chip ones are..you can't trust those Tollhouse bastards!! The Keebler Elves are even worse! Bunch of porn watching little people is what they are! Trust me when I say, you don't even WANT to know what their secret ingredient is!!


anyway, it appears that whatever I had is gone...or at least gone to sleep. So thanks again to Pandy for being so sweet to me while I was at my wits end!

**just posting this so the computer-fixer-upper people can focus on those who still need help. BUT!!! (and that's a mighty big but)...if you see anything in the logs that needs fixing, PLEASE LET ME KNOW!!!

alas....my joy was so short-lived. I'm back to stuck on the black screen of doom. The night I posted about being 'fixed', I had left my computer turned on, running scans, which came up with a tracking cookie, nothing else. Left the computer on all day yesterday, but finally shut it down last night.

well....you can probably guess what happened. When I turned it on this morning, it froze up on the black screen again (five minutes so far of staring at the windows loading screen).

So...I'm back to square one, and begging for help again. If a mod or anyone reads this, please let me know if I should start a whole new topic, or if using this one is okay, since all the info is already here.

Thanks for any and all help.

EDIT: Posts merged ~BP

budapest..thank you for merging my posts! Feel free (you or any mod) to shove this one up with the other..just wanted to update:


I'm still stuck. As of last night's scan, Malwarebytes shows clean, and spybot removed 6 (six) tracking cookies. When I turn my computer on, I still get the black screen for over an hour, then it will go to my desktop, and the computer runs normally. What I can't figure out is why it stays stuck on this black screen for so long.

I turned the system on this morning at 9:15am. It's now 10am, and I'm still looking at the black windows loading screen. I don't even know what kind of program to run to try and find out what's wrong. Is it possible that it's not a virus, and is actually a windows glitch? Is there a program I can download and run, that you guys recommend, to check for the presence of a virus that malwarebytes and spybot aren't finding? Maybe a windows diagnostic program? I'm just so stuck, and so frustrated...this loading window usually lasted about 10 seconds..now it's an hour plus.

Thanks in advance for any and all help.

Merged 4 posts. ~ OB

OB-thanks for the merge! Feel free (you, or any other mod) to merge this post with the others.

UPDATE: 9-26-2010

Windows Defender scanned last night, and found the following, which W-Def classified as a Trojan:

Hiloti.gen!D


Upon removal (which W-Defender said was successful), it said that what had been removed was

C:\Windows\rsrvwsh.dll

It gave me a link to click to "learn more about what was removed" and this is that link:

http://www.microsoft.com/security/portal/T...threatid=147238

Mind you, two other full scans by Windows Defender came back perfectly clean, nothing found.

Now here I sit, scared to reboot my computer, as it still takes upwards of 2 (two) full hours (sometimes a little bit less, but it's always a minimum of an hour and a half) to get past that black loading screen.

Any and all advice/help would be greatly appreciated!!!!!

UPDATE AGAIN 9-26

I just downloaded and installed Microsoft Security Essentials, and it found the following:

Trojan: WinNT/Bubnix.k

The following item was successfully removed:

C:\Windows\system32\drivers\70424f0f.sys.sys


It provided the following link to "learn more about this online" :

http://www.microsoft.com/security/portal/T...atid=2147638672

I have to restart my computer to complete the clean up...unless this program performed a miracle, it'll be about 2 hours before this thing will boot past the black screen of death.

Thanks for any/all help/advice/etc...

EDIT: Another post merged ~BP

Edited by Budapest, 26 September 2010 - 04:15 PM.
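
An added example, not part of the original posts: a small Python triage pass over a HijackThis log like the one in post #1. The sample lines are adapted from that log with path separators written out; the function names and the three review rules are choices made for this illustration, and a flagged entry is a prompt to look closer, not a verdict.

```python
import re
from collections import Counter

# Constructed sample: entries adapted from the HijackThis log in post #1,
# with path separators written out.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Spybot-S&D IE Protection - {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
RUN_VALUE = re.compile(r"^\S+: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def executable_of(cmd):
    """Program part of a command line; quoted paths may contain spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(" ", 1)[0]


def triage(log_text):
    """Return (entries per section, [(code, reason, body)] worth a closer look)."""
    counts, review = Counter(), []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, process list, blanks
        code, body = m.group("code"), m.group("body")
        counts[code] += 1
        run = RUN_VALUE.match(body) if code == "O4" else None
        if body.endswith("(file missing)"):
            review.append((code, "target file missing", body))
        elif code == "O10" and body.startswith("Unknown file"):
            review.append((code, "LSP not recognised by HijackThis", body))
        elif run and not re.search(r"[\\/]", executable_of(run.group("cmd"))):
            # No directory given: Windows resolves the name via its search path.
            review.append((code, "autorun without a full path", body))
    return counts, review


if __name__ == "__main__":
    counts, review = triage(SAMPLE_LOG)
    print(dict(counts))
    for code, reason, body in review:
        print(f"[{code}] {reason}: {body}")
```
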




#2 kahdah


Posted 28 September 2010 - 06:37 AM

Hello

Welcome to BleepingComputer
=====================
  • Download OTL to your desktop.
  • Double click on OTL to run it.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Please download Rootkit Unhooker and save it to your desktop.
  • Double-click RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • Uncheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait till the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it, typically your desktop. Click Close
  • Copy the entire contents of the report and paste it in your next reply.
Note - You may get this warning. It is OK, just ignore it: "Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



